Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Further reading

Weiner added that the concept and technology behind InsightPhish was developed by the same team that helps to build Rapid7's Metasploit products. The Metasploit framework is an open-source penetration testing framework, with Rapid7 selling commercial versions that provide enhanced enterprise capabilities. Metasploit has long provided multiple tools to help organizations test for email security and phishing. Weiner noted that Metasploit Pro is for testing the likelihood of exploitation, which is somewhat different than what the purpose is for the new InsightPhish service.

"We worked with various customers throughout the development of InsightPhish and believe these two tools complement one another," Weiner said.

InsightPhish provides multiple capabilities, including the ability to 'cast' or conduct phishing simulations. Weiner said that InsightPhish can also enable users to catch potential attackers and classify indicators of phishing.

"It does not capture credentials, infect targets, or support phishing simulation on email domains that the user's organization does not own," Weiner said. "InsightPhish makes it easy for even the most time-constrained employees to report suspected phishing emails to catch the potential attacker with one-click reporting for G Suite, Office 365 and Outlook users."

Weiner added that InsightPhish does not actually block phishing messages at the email gateway. That said, he noted that InsightPhish provides Indicators of Phishing (IOPs), which includes context about the messages being reviewed, allowing security teams to take action by quickly highlighting potentially malicious messages.

Business Email Compromise

Among the most costly types of phishing attacks are Business Email Compromise (BEC), which aim to trick users into paying fraudulent invoices. In May 2017, the Federal Bureau of Investigation's Internet Crime Complaint Center (IC3), reported that BEC scams have led to $5.3 billion in financial loses globally since October 2013.

"Since BEC is a more targeted phishing approach we believe that the ability for users to share insight on what is happening within their environment and or their vertical industry will be critical," Weiner said. "One of the goals for InsightPhish is not simply to help organizations with this critical challenge, but to also allow for the sharing of trends and analysis to help people in the same industry."

The market for security technologies that protect against phishing is very competitive with multiple vendors actively developing services including Symantec, Knowbe4, Trend Micro and Barracuda Networks among others. Weiner said that security operations (SecOps) teams are increasingly looking to be more efficient through the use of technology and automation.

"Customers have told us that there is a strong need to increase visibility into the risk of phishing and reduce the time it takes to analyze potential phishing attempts," Weiner said. "We saw an opportunity to do that with our technology and domain expertise, while providing customers with a superior user experience."

While there is no shortage of competition in the phishing security space, there also is no slowdown in the continued volume of phishing attacks either.

"Phishing is the most common attack vector through which threats enter organizations," Weiner said. "We don’t expect this to change dramatically in the future, and we anticipate publishing research that reflects our development experience with InsightPhish."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.